httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 48215] Renegotiation with SSLVerifyDepth 0 requires multiple client authentication
Date Sun, 22 Nov 2009 12:56:30 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=48215

--- Comment #6 from Kaspar Brand <asfbugz@velox.ch> 2009-11-22 04:56:24 UTC ---
Created an attachment (id=24583)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=24583)
Proposed fix

(In reply to comment #5)
> it's clearly a bug which can and should be fixed.

I guess I inadvertently introduced this bug when adding support for handling
SNI configurations. The attached patch should adress this issue, I believe.

BTW, note that when I was testing a similar configuration with OpenSSL
1.0.0-beta4 and a checkout of OpenSSL_0_9_8-stable, I noticed that these two
OpenSSL checkins:

  http://cvs.openssl.org/chngview?cn=18318
  http://cvs.openssl.org/chngview?cn=18320

actually necessitate a backport of either r787722 or r788715, otherwise the
renegotiation will stall. I would recommend to include these with 2.2.15.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message